From 0435b6511f87c2f74b4d7b45e28c5eef32116228 Mon Sep 17 00:00:00 2001 From: lassulus Date: Sun, 18 Nov 2018 21:39:29 +0100 Subject: l: add osmocom@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index 733115a7..bf43ee7d 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -91,6 +91,7 @@ with import ; { from = "ksp@lassul.us"; to = lass.mail; } { from = "ccc@lassul.us"; to = lass.mail; } { from = "neocron@lassul.us"; to = lass.mail; } + { from = "osmocom@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } -- cgit v1.2.3 From 5e3955c79a0e33a379795be787f5a3496191d35b Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:13:48 +0100 Subject: l blue-host: add start/stop scripts --- lass/2configs/blue-host.nix | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index 83c235f3..a4068577 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -20,4 +20,23 @@ with import ; hostAddress = "10.233.2.9"; localAddress = "10.233.2.10"; }; + environment.systemPackages = [ + (pkgs.writeDashBin "start-blue" '' + set -ef + if ping -c1 blue.r; then + echo 'blue is already running. bailing out' + exit 23 + fi + if ! $(mount | ${pkgs.gnugrep}/bin/grep -qi '^encfs on /var/lib/containers/blue'); then + ${pkgs.encfs}/bin/encfs --public /var/lib/containers/.blue /var/lib/containers/blue + fi + nixos-container start blue + nixos-container run blue -- nixos-rebuild -I /var/src switch + '') + (pkgs.writeDashBin "stop-blue" '' + set -ef + nixos-container stop blue + fusermount -u /var/lib/containers/blue + '') + ]; } -- cgit v1.2.3 From 021d4960dbb1401245bd2a509b4529eae74c49a1 Mon Sep 17 00:00:00 2001 
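Review bot: `if ! $(mount | ${pkgs.gnugrep}/bin/grep -qi '^encfs on /var/lib/containers/blue'); then` in start-blue only works because a simple command with no command name takes the exit status of its last command substitution; the intended and robust form is `if ! mount | ${pkgs.gnugrep}/bin/grep -qi '^encfs on /var/lib/containers/blue'; then`, which also never executes anything grep might print. `encfs --public` exposes the decrypted view to every local user subject only to the file modes below /var/lib/containers/blue, so the mode of /var/lib/containers is what keeps other accounts out; a comment on that line stating why --public is needed (presumably so processes inside the container can reach the mount) would make that dependency visible. `mount`, `ping`, `nixos-container` and `fusermount` are resolved from the caller's PATH while grep and encfs are pinned to the store; pinning the mount check as well keeps the script independent of the invoking environment.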
From: lassulus Date: Tue, 20 Nov 2018 01:14:08 +0100 Subject: l blue-host: add rxvt_unicode.terminfo --- lass/2configs/blue-host.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index a4068577..f9da0507 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -8,7 +8,10 @@ with import ; systemd.services."container@blue".reloadIfChanged = mkForce false; containers.blue = { config = { ... }: { - environment.systemPackages = [ pkgs.git ]; + environment.systemPackages = [ + pkgs.git + pkgs.rxvt_unicode.terminfo + ]; services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ config.krebs.users.lass.pubkey -- cgit v1.2.3 From 0646503bfbad54a61315da7d77679722d90e79d8 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:14:21 +0100 Subject: l blue-host: don't autostart --- lass/2configs/blue-host.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index f9da0507..2302c70e 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -17,7 +17,7 @@ with import ; config.krebs.users.lass.pubkey ]; }; - autoStart = true; + autoStart = false; enableTun = true; privateNetwork = true; hostAddress = "10.233.2.9"; -- cgit v1.2.3 From 46e00f3c28fe983516f29192939b98b884311885 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:14:54 +0100 Subject: l prometheus: enable anonymous grafana login --- lass/2configs/monitoring/prometheus-server.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/monitoring/prometheus-server.nix b/lass/2configs/monitoring/prometheus-server.nix index aef67163..b7083c77 100644 --- a/lass/2configs/monitoring/prometheus-server.nix +++ b/lass/2configs/monitoring/prometheus-server.nix 
@@ -177,7 +177,8 @@ addr = "0.0.0.0"; domain = "grafana.example.com"; rootUrl = "https://grafana.example.com/"; - security = import ; # { AdminUser = ""; adminPassword = ""} + auth.anonymous.enable = true; + auth.anonymous.org_role = "Admin"; }; }; services.logstash = { -- cgit v1.2.3 From 64e435e25e830b4be12062c1538db643c17822df Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:15:56 +0100 Subject: l domsen: add xanf user --- lass/2configs/websites/domsen.nix | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix index 828cab95..4935268a 100644 --- a/lass/2configs/websites/domsen.nix +++ b/lass/2configs/websites/domsen.nix @@ -139,6 +139,13 @@ in { ssl_key = "/var/lib/acme/lassul.us/key.pem"; }; + users.users.xanf = { + uid = genid_uint31 "xanf"; + home = "/home/xanf"; + useDefaultShell = true; + createHome = true; + }; + users.users.domsen = { uid = genid_uint31 "domsen"; description = "maintenance acc for domsen"; -- cgit v1.2.3 From 81c18a4f44c44dbff4e100316aca28f8db17e14e Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 01:32:04 +0100 Subject: l mail: add more vboxes --- lass/2configs/mail.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index 46939c97..d9589ce8 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -31,6 +31,7 @@ let ''; mailboxes = { + afra = [ "to:afra@afra-berlin.de" ]; c-base = [ "to:c-base.org" ]; coins = [ "to:btce@lassul.us" 
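Review bot: `auth.anonymous.org_role = "Admin";` grants every unauthenticated visitor full organisation-admin rights (datasource, dashboard and user management, not just viewing) on an instance that listens on `addr = "0.0.0.0"`, and the removed `security` import was the only place in this hunk where the admin credentials were set, so the built-in admin account presumably falls back to Grafana's default password unless it is configured elsewhere in the file. If the goal is public dashboards, `auth.anonymous.org_role = "Viewer";` covers that; keep a `security.adminPassword` source so the admin login stays protected, and consider binding to localhost behind whatever terminates TLS for `grafana.example.com` (the `rootUrl` suggests a proxy is already in front).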
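Review bot: `users.users.xanf` gets an interactive shell via `useDefaultShell = true;` but, unlike the `domsen` account right below it, carries no `description`, no visible credentials (no hashed password, no `openssh.authorizedKeys`) and no `isNormalUser` or `group`, so the intended login path is not recoverable from this hunk. If it is an interactive account, `isNormalUser = true;` would also cover `home`, `createHome` and the group, and a `description = "…";` plus a one-line comment on the account's purpose would keep it in step with the neighbouring definition. The domsen.nix file's `let` block starts outside the hunk, so whether credentials are wired in elsewhere cannot be seen here.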
@@ -49,8 +50,10 @@ let eloop = [ "to:eloop.org" ]; github = [ "to:github@lassul.us" ]; gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ]; + india = [ "to:hillhackers@lists.hillhacks.in" ]; kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ]; lugs = [ "to:lugs@lug-s.org" ]; + meetup = [ "to:meetup@lassul.us" ]; nix = [ "to:nix-devel@googlegroups.com" "to:nix@lassul.us" ]; patreon = [ "to:patreon@lassul.us" ]; paypal = [ "to:paypal@lassul.us" ]; -- cgit v1.2.3 From 9807d6823b31f36eb6b255cf7a01431e7e44a74e Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 20 Nov 2018 23:02:17 +0100 Subject: l blue-host: sync state, start only when safe --- lass/2configs/blue-host.nix | 74 ++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 66 insertions(+), 8 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index 2302c70e..be9f68c0 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -1,11 +1,28 @@ { config, lib, pkgs, ... }: with import ; +let + all_hosts = [ + "icarus" + "shodan" + "daedalus" + "skynet" + "prism" + ]; + remote_hosts = filter (h: h != config.networking.hostName) all_hosts; -{ +in { imports = [ + { #hack for already defined + systemd.services."container@blue".reloadIfChanged = mkForce false; + systemd.services."container@blue".preStart = '' + ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue' + ''; + systemd.services."container@blue".preStop = '' + /run/wrappers/bin/fusermount -u /var/lib/containers/blue + ''; + } ]; - systemd.services."container@blue".reloadIfChanged = mkForce false; containers.blue = { config = { ... }: { environment.systemPackages = [ 
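Review bot: The new `preStart` for `container@blue` fails with a bare non-zero grep status when the encfs view is not mounted, which leaves only a "control process exited" line in the journal; `${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue' || { echo 'blue state is locked, mount the encfs first' >&2; exit 1; }` makes the refusal self-explanatory. The `#hack for already defined` comment should name what is already defined and by which module, so a later reader can tell whether the wrapper import is still needed. `preStop` runs `fusermount -u` while the container is still up and may hold files open; if the unmount fails the unit is marked failed even though the stop itself went through, so `postStop` looks like the better hook — inferred from the hook order, verify against the unit.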
@@ -23,10 +40,56 @@ with import ; hostAddress = "10.233.2.9"; localAddress = "10.233.2.10"; }; + + + systemd.services = builtins.listToAttrs (map (host: + let + in nameValuePair "sync-blue-${host}" { + bindsTo = [ "container@blue.service" ]; + wantedBy = [ "container@blue.service" ]; + # ssh needed for rsync + path = [ pkgs.openssh ]; + serviceConfig = { + Restart = "always"; + RestartSec = 10; + ExecStart = pkgs.writeDash "sync-blue-${host}" '' + set -efu + #make sure blue is running + /run/wrappers/bin/ping -c1 blue.r > /dev/null + + #make sure the container is unlocked + ${pkgs.mount}/bin/mount | ${pkgs.gnugrep}/bin/grep -q '^encfs on /var/lib/containers/blue' + + #make sure our target is reachable + ${pkgs.untilport}/bin/untilport ${host}.r 22 2>/dev/null + + #start sync + ${pkgs.lsyncd}/bin/lsyncd -log scarce ${pkgs.writeText "lsyncd-config.lua" '' + settings { + nodaemon = true, + inotifyMode = "CloseWrite or Modify", + } + sync { + default.rsyncssh, + source = "/var/lib/containers/.blue", + host = "${host}.r", + targetdir = "/var/lib/containers/.blue", + ssh = { + binary = "${pkgs.openssh}/bin/ssh"; + identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa", + }, + } + ''} + ''; + }; + unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; + } + ) remote_hosts); + environment.systemPackages = [ (pkgs.writeDashBin "start-blue" '' set -ef - if ping -c1 blue.r; then + if ping -c1 blue.r >/dev/null; then echo 'blue is already running. bailing out' exit 23 fi @@ -36,10 +99,5 @@ with import ; nixos-container start blue nixos-container run blue -- nixos-rebuild -I /var/src switch '') - (pkgs.writeDashBin "stop-blue" '' - set -ef - nixos-container stop blue - fusermount -u /var/lib/containers/blue - '') ]; } -- cgit v1.2.3 From 24a82d39f57be38898519edea6baaf6c04741ecb Mon Sep 17 00:00:00 2001 
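Review bot: In the `sync-blue-${host}` ExecStart, `/run/wrappers/bin/ping -c1 blue.r` only shows that blue.r answers somewhere on the network, not that the container runs on this host; a second host that still has the encfs view mounted passes both checks and lsyncd pushes its stale `.blue` over the live copy, and lsyncd deletes at the target by default. A host-local check such as `${pkgs.systemd}/bin/systemctl is-active container@blue.service` (the unit this service is bound to) before the ping would close that gap — inferred from the visible checks, verify against how blue.r resolves. The empty `let in` before `nameValuePair` can be dropped, and `unitConfig.ConditionPathExists` reads better next to `bindsTo`/`wantedBy` than after `serviceConfig`.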
From: lassulus Date: Tue, 20 Nov 2018 23:02:48 +0100 Subject: l mail: add hackbeach to india vbox --- lass/2configs/mail.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index d9589ce8..b5bbea75 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -50,7 +50,7 @@ let eloop = [ "to:eloop.org" ]; github = [ "to:github@lassul.us" ]; gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ]; - india = [ "to:hillhackers@lists.hillhacks.in" ]; + india = [ "to:hillhackers@lists.hillhacks.in" "to:hackbeach@lists.hackbeach.in" ]; kaosstuff = [ "to:gearbest@lassul.us" "to:banggood@lassul.us" "to:tomtop@lassul.us" ]; lugs = [ "to:lugs@lug-s.org" ]; meetup = [ "to:meetup@lassul.us" ]; -- cgit v1.2.3 From 9f9a53723bd79b029d398c0542a686bd8ed56151 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 00:59:40 +0100 Subject: l blue-host: fix permissions --- lass/2configs/blue-host.nix | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index be9f68c0..e80ce326 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -23,6 +23,12 @@ in { ''; } ]; + + system.activationScripts.containerPermissions = '' + mkdir -p /var/lib/containers + chmod 711 /var/lib/containers + ''; + containers.blue = { config = { ... }: { environment.systemPackages = [ -- cgit v1.2.3 From 304059b1da4ac256d1487e83a7280d0db6615c2d Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 01:00:14 +0100 Subject: l blue-host: sync also owner and group --- lass/2configs/blue-host.nix | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lass/2configs') diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index e80ce326..6d46cb8c 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix 
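Review bot: `chmod 711 /var/lib/containers` stops other users from listing the directory but still lets them traverse into `/var/lib/containers/blue`, and with the encfs mounted `--public` (start-blue, outside this hunk) the decrypted files are then readable by whatever their own modes allow; if the traversal is required by the container itself, a comment on the `chmod` line should say so, otherwise `chmod 700` is the safer choice. If the nixos-container module already creates this directory, a short note on why its mode has to be overridden here would spare the next reader from re-deriving the reason.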
@@ -80,6 +80,10 @@ in { source = "/var/lib/containers/.blue", host = "${host}.r", targetdir = "/var/lib/containers/.blue", + rsync = { + owner = true, + group = true, + }; ssh = { binary = "${pkgs.openssh}/bin/ssh"; identityFile = "/var/lib/containers/blue/home/lass/.ssh/id_rsa", -- cgit v1.2.3 From a1c261d61b243549bb2525da57bf3fada805f7f5 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 01:00:59 +0100 Subject: l blue-host: dry-build blue first --- lass/2configs/blue-host.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'lass/2configs') diff --git a/lass/2configs/blue-host.nix b/lass/2configs/blue-host.nix index 6d46cb8c..fba99674 100644 --- a/lass/2configs/blue-host.nix +++ b/lass/2configs/blue-host.nix @@ -99,14 +99,15 @@ in { environment.systemPackages = [ (pkgs.writeDashBin "start-blue" '' set -ef - if ping -c1 blue.r >/dev/null; then - echo 'blue is already running. bailing out' - exit 23 - fi if ! $(mount | ${pkgs.gnugrep}/bin/grep -qi '^encfs on /var/lib/containers/blue'); then ${pkgs.encfs}/bin/encfs --public /var/lib/containers/.blue /var/lib/containers/blue fi nixos-container start blue + nixos-container run blue -- nixos-rebuild -I /var/src dry-build + if ping -c1 blue.r >/dev/null; then + echo 'blue is already running. bailing out' + exit 23 + fi nixos-container run blue -- nixos-rebuild -I /var/src switch '') ]; -- cgit v1.2.3 From f19b35b7ab0a272724d39b8cfd65181e220c727a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 01:01:16 +0100 Subject: l fetchWallpaper: remove maxTime --- lass/2configs/fetchWallpaper.nix | 1 - 1 file changed, 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/fetchWallpaper.nix b/lass/2configs/fetchWallpaper.nix index e756c342..065ee9c4 100644 --- a/lass/2configs/fetchWallpaper.nix +++ b/lass/2configs/fetchWallpaper.nix 
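Review bot: `owner = true` and `group = true` only take effect when the receiving rsync on `${host}.r` runs as root (or with `--fake-super`); the ssh block pins an identity file from lass's home but sets no `user`, so which account lands on the remote side is not visible here — a comment on the `rsync = {` line naming the expected remote user would make the guarantee checkable. Lua accepts `;` as a table separator, so the trailing `};` parses, but the surrounding fields use `,`; `},` would match them.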
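Review bot: After this reordering the `ping -c1 blue.r` check runs once `nixos-container start blue` has already brought the container up, so if blue.r resolves to the local container it answers its own ping and start-blue exits 23 before the `switch`, leaving blue running with only a dry-built configuration. If the check is meant to detect blue running on another host it has to stay ahead of `nixos-container start blue`, with the dry-build placed after the start; and the abort path should `nixos-container stop blue` before `exit 23` so a failed run does not leave a half-started container and an unlocked mount behind — inferred from the visible commands, verify against what blue.r resolves to.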
@@ -7,7 +7,6 @@ in { enable = true; unitConfig.ConditionPathExists = "!/var/run/ppp0.pid"; url = "prism/realwallpaper-krebs.png"; - maxTime = 10; }; } -- cgit v1.2.3 From 8a6fd4d0044259574fec1b16d3ea441aee5eedda Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 01:01:56 +0100 Subject: l radio: add mp3 stream --- lass/2configs/radio.nix | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix index bf685580..85faded1 100644 --- a/lass/2configs/radio.nix +++ b/lass/2configs/radio.nix @@ -60,10 +60,25 @@ in { group = "radio"; musicDirectory = "/home/radio/the_playlist/music"; extraConfig = '' + audio_output { + type "shout" + encoding "lame" + name "the_playlist_mp3" + host "localhost" + port "8000" + mount "/radio.mp3" + password "${source-password}" + bitrate "128" + + format "44100:16:2" + + user "source" + genre "good music" + } audio_output { type "shout" encoding "ogg" - name "the_playlist" + name "the_playlist_ogg" host "localhost" port "8000" mount "/radio.ogg" -- cgit v1.2.3 From d1020af2b3aac2d823240627980f846e6dc9797c Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 04:01:13 +0100 Subject: l: add ssl for cache.{krebsco.de,lassul.us} --- lass/2configs/binary-cache/server.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'lass/2configs') diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix index 220e41d0..86158c46 100644 --- a/lass/2configs/binary-cache/server.nix +++ b/lass/2configs/binary-cache/server.nix 
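Review bot: The new mp3 `audio_output` block repeats host, port, password, format, user and genre of the ogg block that follows it, and the two stray blank lines around `format "44100:16:2"` suggest a paste that was trimmed by hand. Since `extraConfig` is already assembled in Nix, a small helper in the file's `let` block (outside this hunk) taking `encoding`, `name` and `mount`, with the lame-only `bitrate "128"` line as an optional extra, would emit both blocks and keep the two streams from drifting apart. `password "${source-password}"` is now embedded twice in the generated mpd config, which presumably lands in the world-readable Nix store; that pattern predates this commit, but a comment recording that the source password is considered low-value would document the trade-off.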
@@ -20,7 +20,14 @@ services.nginx = { enable = true; virtualHosts.nix-serve = { - serverAliases = [ "cache.prism.r" "cache.krebsco.de" "cache.lassul.us" ]; + serverAliases = [ "cache.prism.r" ]; + locations."/".extraConfig = '' + proxy_pass http://localhost:${toString config.services.nix-serve.port}; + ''; + }; + virtualHosts."cache.krebsco.de" = { + serverAliases = [ "cache.lassul.us" ]; + enableACME = true; locations."/".extraConfig = '' proxy_pass http://localhost:${toString config.services.nix-serve.port}; ''; -- cgit v1.2.3 From 42405d18cffbf9ef42ea5e29f0c3ae9ab607471a Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 04:01:58 +0100 Subject: l: add lesswrong@lassul.us --- lass/2configs/exim-smarthost.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/exim-smarthost.nix b/lass/2configs/exim-smarthost.nix index bf43ee7d..9bb70d1c 100644 --- a/lass/2configs/exim-smarthost.nix +++ b/lass/2configs/exim-smarthost.nix @@ -92,6 +92,7 @@ with import ; { from = "ccc@lassul.us"; to = lass.mail; } { from = "neocron@lassul.us"; to = lass.mail; } { from = "osmocom@lassul.us"; to = lass.mail; } + { from = "lesswrong@lassul.us"; to = lass.mail; } ]; system-aliases = [ { from = "mailer-daemon"; to = "postmaster"; } -- cgit v1.2.3 From eef1d7877defd7c310dc20f62bf96c7b8f408044 Mon Sep 17 00:00:00 2001 From: lassulus Date: Tue, 27 Nov 2018 04:02:22 +0100 Subject: l mails: add dn42 vbox --- lass/2configs/mail.nix | 1 + 1 file changed, 1 insertion(+) (limited to 'lass/2configs') diff --git a/lass/2configs/mail.nix b/lass/2configs/mail.nix index b5bbea75..9ea91ae1 100644 --- a/lass/2configs/mail.nix +++ b/lass/2configs/mail.nix @@ -47,6 +47,7 @@ let ]; dezentrale = [ "to:dezentrale.space" ]; dhl = [ "to:dhl@lassul.us" ]; + dn42 = [ "to:dn42@lists.nox.tf" ]; eloop = [ "to:eloop.org" ]; github = [ "to:github@lassul.us" ]; gmail = [ "to:gmail@lassul.us" "to:lassulus@gmail.com" "lassulus@googlemail.com" ]; -- cgit v1.2.3
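Review bot: `enableACME = true;` on `virtualHosts."cache.krebsco.de"` obtains a certificate but does not by itself add an HTTPS listener; without `forceSSL = true;` (or `addSSL = true;` if the plain-http path must remain for existing substituters) the vhost keeps serving only port 80, so the "add ssl" of the subject is incomplete unless the listen settings come from elsewhere in the file. The `locations."/".extraConfig` proxy snippet is now duplicated between the two vhosts; hoisting it into a `let` binding and referencing it twice keeps them in step when the nix-serve port changes.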